CVE-2011-10018
Published 2025-08-13
Priority: P267 · Severity: critical 9.8 (CVSS 3.1)
Exploit: available
EPSS: 1.86% (76.6th percentile)
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mybb | mybb | — | — |
| mybb_group | forum_software | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests containing a 'collapsed' cookie with PHP code or shell command payloads; this is the attack vector for the myBB 1.6.4 backdoor.
- Exploitation requires no authentication; any unauthenticated request carrying a malicious 'collapsed' cookie should be treated as a high-severity alert.
- Flag or block installations of myBB version 1.6.4, as the backdoor was embedded in the distributed source package itself.
- The backdoor was introduced during packaging, not in application logic, so file integrity checks against the official vendor package for myBB 1.6.4 are unreliable; compare against a known-clean version instead.
- The backdoor was part of the vendor's distributed source package, meaning any deployment sourced from the official 1.6.4 release is potentially compromised.
CVSS provenance
- NVD · CVSS v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD · CVSS v4.0 · 10.0 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
No writeups or analysis indexed.
References
- https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb
- https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/
- https://www.exploit-db.com/exploits/17949
- https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution